Suspicious Connections Components | Trend Micro Service Central

Views:

Component	Description
Global C&C IP List	The Global C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel. Apex One logs all connection information to servers in the Global C&C IP list for evaluation.
Relevance Rule Pattern	The Suspicious Connections service uses the Relevance Rule Pattern to detect unique malware family signatures located in the headers of network packets.

Component

Description

Global C&C IP List

The Global C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel.

Apex One logs all connection information to servers in the Global C&C IP list for evaluation.

Relevance Rule Pattern

The Suspicious Connections service uses the Relevance Rule Pattern to detect unique malware family signatures located in the headers of network packets.